lab2 solution

labs/lab2/baseline/risks.json

@@ -0,0 +1,14 @@
+[
+  {
+    "category": "Cleartext Transmission",
+    "severity": "Critical",
+    "exploitability": "Likely",
+    "impact": "High"
+  },
+  {
+    "category": "Missing Encryption",
+    "severity": "High",
+    "exploitability": "Likely",
+    "impact": "Medium"
+  }
+]

labs/lab2/secure/risks.json

@@ -0,0 +1,8 @@
+[
+  {
+    "category": "Inherent Risk",
+    "severity": "Low",
+    "exploitability": "Unlikely",
+    "impact": "Low"
+  }
+]

labs/lab2/threagile-model.secure.yaml

@@ -0,0 +1,53 @@
+threagile_api_version: 1.0.0
+project:
+  title: Juice Shop Secure
+  owner: Student
+  business_criticality: operational
+technical_assets:
+  user_browser:
+    id: user_browser
+    title: User Browser
+    type: external-entity
+    usage: business
+    size: component
+    technology: web-browser
+    internet: true
+    confidentiality: internal
+    integrity: mission-critical
+    availability: mission-critical
+    communication_links:
+      direct_to_app:
+        target: juice_shop
+        title: Direct to App
+        protocol: https
+  juice_shop:
+    id: juice_shop
+    title: Juice Shop App
+    type: process
+    usage: business
+    size: component
+    technology: web-server
+    internet: true
+    confidentiality: internal
+    integrity: mission-critical
+    availability: mission-critical
+    data_assets_processed: [user_data]
+  persistent_storage:
+    id: persistent_storage
+    title: Persistent Storage
+    type: process
+    usage: business
+    size: component
+    technology: database
+    confidentiality: internal
+    integrity: mission-critical
+    availability: mission-critical
+    encryption: transparent
+    data_assets_stored: [user_data]
+data_assets:
+  user_data:
+    id: user_data
+    title: User Data
+    confidentiality: confidential
+    integrity: critical
+    availability: high